iptsec 1.12.11devel
auth_plugin.h
1/*
2 * This file is part of the Sofia-SIP package
3 *
4 * Copyright (C) 2005 Nokia Corporation.
5 *
6 * Contact: Pekka Pessi <pekka.pessi@nokia-email.address.hidden>
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * 02110-1301 USA
22 *
23 */
24
25#ifndef AUTH_PLUGIN_H
27#define AUTH_PLUGIN_H
28
37#ifndef AUTH_MODULE_H
39#endif
40
41#ifndef AUTH_DIGEST_H
43#endif
44
45#ifndef AUTH_COMMON_H
47#endif
48
49#ifndef MSG_DATE_H
50#include <sofia-sip/msg_date.h>
51#endif
52
53#ifndef SU_MD5_H
54#include <sofia-sip/su_md5.h>
55#endif
56
57#include <sofia-sip/htable.h>
58
59SOFIA_BEGIN_DECLS
60
61/* ====================================================================== */
62/* Plugin interface for authentication */
63
66{
68 char const *asch_method;
69
71 usize_t asch_size;
72
75 auth_scheme_t *base,
76 su_root_t *root,
77 tag_type_t tag, tag_value_t value, ...);
78
81 auth_status_t *as,
82 msg_auth_t *auth,
83 auth_challenger_t const *ch);
84
87 auth_status_t *as,
88 auth_challenger_t const *ch);
89
94 auth_status_t *as);
95
101
102};
103
105typedef struct
106{
107 unsigned apw_index;
108 void const *apw_type;
110 char const *apw_user;
111 char const *apw_realm;
112 char const *apw_pass;
113 char const *apw_hash;
114 char const *apw_ident;
117
118
119HTABLE_DECLARE_WITH(auth_htable, aht, auth_passwd_t, usize_t, unsigned);
120
121struct stat;
122
125{
126 su_home_t am_home[1];
127 unsigned _am_refcount;
129 /* User database / cache */
130 char const *am_db;
131 struct stat *am_stat;
132 auth_htable_t am_users[1];
134 void *am_buffer;
140 /* Attributes */
142 char const *am_realm;
143 char const *am_opaque;
144 char const *am_gssapi_data;
145 char const *am_targetname;
147 char const **am_allow;
148 msg_param_t am_algorithm;
149 msg_param_t am_qop;
150 unsigned am_expires;
151 unsigned am_next_exp;
152 unsigned am_blacklist;
153 unsigned am_forbidden:1;
154 unsigned am_anonymous:1;
155 unsigned am_challenge:1;
156 unsigned am_nextnonce:1;
157 unsigned am_mutual:1;
158 unsigned am_fake:1;
160 unsigned :0;
161 unsigned am_count;
168 unsigned am_max_ncount:1;
169};
170
173 char const *user,
174 char const *realm);
175
178 char const *user,
179 char const *realm);
180
182
184
/* Find a credential header with matching scheme and realm (description as
 * given in this page's reference index). Takes the header list in auth and
 * returns a msg_auth_t pointer.
 * NOTE(review): presumably returns NULL when nothing matches -- confirm in
 * auth_module.c before relying on it. */
185SOFIAPUBFUN msg_auth_t *auth_mod_credentials(msg_auth_t *auth,
186 char const *scheme,
187 char const *realm);
188
190 tag_type_t, tag_value_t, ...);
191
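/**
 * Access the plugin-specific data placed directly after a module object.
 *
 * Evaluates to the address one element past @a am, cast to auth_plugin_t *.
 * The whole expansion is parenthesized so that a postfix operator written
 * after the macro (for example AUTH_PLUGIN(am)->field) applies to the cast
 * result and not to (am) + 1.
 *
 * NOTE(review): the macro performs no bounds check; it presumably relies on
 * the module having been allocated with room for the plugin object after it
 * (see asch_size, "Size of module object") -- confirm at the allocation site.
 */
#define AUTH_PLUGIN(am) ((auth_plugin_t *)((am) + 1))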
193
196 auth_scheme_t *base,
197 su_root_t *root,
198 tag_type_t tag, tag_value_t value, ...);
199
202
205
209 auth_status_t *as,
210 msg_auth_t *auth,
211 auth_challenger_t const *ach);
212
215 auth_status_t *as,
216 auth_challenger_t const *ach);
217
/* Digest-scheme credential lookup; takes a header list plus realm and opaque
 * strings and returns a msg_auth_t pointer.
 * NOTE(review): presumably selects the Digest credentials whose realm and
 * opaque match the arguments, and returns NULL when none do -- confirm in
 * auth_module.c. */
220msg_auth_t *auth_digest_credentials(msg_auth_t *auth,
221 char const *realm,
222 char const *opaque);
223
226 auth_status_t *as,
227 msg_auth_t *au,
228 auth_challenger_t const *ach);
229
232 auth_status_t *as,
233 auth_challenger_t const *ach);
234
237 auth_status_t *as,
238 auth_response_t *ar,
239 auth_challenger_t const *ach);
240
243 auth_status_t *as,
244 auth_challenger_t const *ach);
245
248 char buffer[],
249 size_t buffer_len,
250 int nextnonce,
251 msg_time_t now);
252
255 auth_status_t *as,
256 auth_response_t *ar,
257 msg_time_t now);
258
260
/* MD5-based HMAC helper taking the module, an MD5 context, an output pointer
 * and a size.
 * NOTE(review): presumably finishes the HMAC started with
 * auth_md5_hmac_init() and stores the result in hmac, with size giving the
 * capacity of that buffer -- confirm in auth_module.c, and check that callers
 * pass the real buffer size. */
263SOFIAPUBFUN void auth_md5_hmac_digest(auth_mod_t *am, su_md5_t *md5,
264 void *hmac, size_t size);
265
266SOFIA_END_DECLS
267
268#endif /* !defined AUTH_PLUGIN_H */
Functions common for client/server.
Datatypes and functions for Digest authentication.
Authentication verification interface.
struct auth_uplugin_t auth_uplugin_t
Opaque authentication operation data used by plugin module.
Definition auth_module.h:73
struct auth_scheme const auth_scheme_t
Virtual table for authentication plugin.
Definition auth_module.h:66
void auth_method_digest(auth_mod_t *am, auth_status_t *as, msg_auth_t *au, auth_challenger_t const *ach)
Authenticate a request with Digest authentication scheme.
Definition auth_module.c:634
void auth_md5_hmac_init(auth_mod_t *am, su_md5_t *md5)
Init md5 for MD5-based HMAC.
Definition auth_module.c:1488
void auth_method_basic(auth_mod_t *am, auth_status_t *as, msg_auth_t *auth, auth_challenger_t const *ach)
Basic scheme.
Definition auth_module.c:517
int auth_allow_check(auth_mod_t *am, auth_status_t *as)
Check if request method is on always-allowed list.
Definition auth_module.c:1224
isize_t auth_generate_digest_nonce(auth_mod_t *am, char buffer[], size_t buffer_len, int nextnonce, msg_time_t now)
Generate nonce parameter.
Definition auth_module.c:1372
msg_auth_t * auth_digest_credentials(msg_auth_t *auth, char const *realm, char const *opaque)
Digest scheme.
Definition auth_module.c:1287
void auth_challenge_basic(auth_mod_t *am, auth_status_t *as, auth_challenger_t const *ach)
Construct a challenge header for Basic authentication scheme.
Definition auth_module.c:578
void auth_destroy_default(auth_mod_t *am)
Default destroy method.
Definition auth_module.c:269
auth_passwd_t * auth_mod_getpass(auth_mod_t *am, char const *user, char const *realm)
Get a passwd entry for user.
Definition auth_module.c:841
int auth_validate_digest_nonce(auth_mod_t *am, auth_status_t *as, auth_response_t *ar, msg_time_t now)
Validate nonce parameter.
Definition auth_module.c:1403
int auth_readdb(auth_mod_t *am)
Read authentication database.
Definition auth_module.c:927
void auth_info_digest(auth_mod_t *am, auth_status_t *as, auth_challenger_t const *ach)
Construct an info header for Digest authentication scheme.
Definition auth_module.c:816
int auth_readdb_if_needed(auth_mod_t *am)
Read authentication database only when needed.
Definition auth_module.c:933
auth_passwd_t * auth_mod_addpass(auth_mod_t *am, char const *user, char const *realm)
Add a password entry.
Definition auth_module.c:869
void auth_check_digest(auth_mod_t *am, auth_status_t *as, auth_response_t *ar, auth_challenger_t const *ach)
Verify digest authentication.
Definition auth_module.c:667
void auth_challenge_digest(auth_mod_t *am, auth_status_t *as, auth_challenger_t const *ach)
Construct a challenge header for Digest authentication scheme.
Definition auth_module.c:773
int auth_init_default(auth_mod_t *am, auth_scheme_t *base, su_root_t *root, tag_type_t tag, tag_value_t value,...)
Initialize an authentication module instance.
Definition auth_module.c:125
void auth_cancel_default(auth_mod_t *am, auth_status_t *as)
Default cancel method.
Definition auth_module.c:475
msg_auth_t * auth_mod_credentials(msg_auth_t *auth, char const *scheme, char const *realm)
Find a credential header with matching scheme and realm.
Definition auth_module.c:1246
auth_mod_t * auth_mod_alloc(auth_scheme_t *scheme, tag_type_t, tag_value_t,...)
Allocate an authentication module instance.
Definition auth_module.c:92
unsigned long msg_time_t
Authentication challenge.
Definition auth_module.h:150
Common data for authentication module.
Definition auth_plugin.h:125
su_md5_t am_hmac_opad
MD5 with outer pad.
Definition auth_plugin.h:166
su_md5_t am_hmac_ipad
MD5 with inner pad.
Definition auth_plugin.h:165
unsigned am_max_ncount
If nonzero, challenge with new nonce after ncount.
Definition auth_plugin.h:168
unsigned am_mutual
Mutual authentication.
Definition auth_plugin.h:157
unsigned am_challenge
Challenge even if successful.
Definition auth_plugin.h:155
unsigned am_anonymous
Allow anonymous access.
Definition auth_plugin.h:154
unsigned am_fake
Fake authentication.
Definition auth_plugin.h:158
unsigned am_forbidden
Respond with 403 if bad credentials.
Definition auth_plugin.h:153
unsigned am_nextnonce
Send next nonce in responses.
Definition auth_plugin.h:156
auth_htable_t am_users[1]
Table of users.
Definition auth_plugin.h:132
msg_param_t am_algorithm
Default algorithm.
Definition auth_plugin.h:148
char const * am_db
User database file name.
Definition auth_plugin.h:130
char const * am_targetname
NTLM target name.
Definition auth_plugin.h:145
uint8_t am_master_key[16]
Private master key.
Definition auth_plugin.h:163
auth_passwd_t * am_anon_user
Special entry for anonymous user.
Definition auth_plugin.h:138
unsigned _am_refcount
Not used.
Definition auth_plugin.h:127
unsigned am_next_exp
Next nonce lifetime.
Definition auth_plugin.h:151
char const * am_opaque
Opaque identification data.
Definition auth_plugin.h:143
struct stat * am_stat
State of user file when read.
Definition auth_plugin.h:131
url_t * am_remote
Remote authenticator.
Definition auth_plugin.h:141
void * am_buffer
Buffer for database.
Definition auth_plugin.h:134
char const ** am_allow
Methods to allow without authentication.
Definition auth_plugin.h:147
auth_passwd_t * am_locals
Entries from local user file.
Definition auth_plugin.h:135
auth_scheme_t * am_scheme
Authentication scheme (Digest, Basic).
Definition auth_plugin.h:146
char const * am_realm
Our realm.
Definition auth_plugin.h:142
size_t am_local_count
Number of entries from local user file.
Definition auth_plugin.h:136
unsigned am_expires
Nonce lifetime.
Definition auth_plugin.h:150
unsigned am_blacklist
Extra delay if bad credentials.
Definition auth_plugin.h:152
unsigned am_count
Nonce counter.
Definition auth_plugin.h:161
char const * am_gssapi_data
NTLM data.
Definition auth_plugin.h:144
msg_param_t am_qop
Default qop (quality-of-protection)
Definition auth_plugin.h:149
User data structure.
Definition auth_plugin.h:106
void const * apw_type
Magic identifier.
Definition auth_plugin.h:108
char const * apw_realm
Realm.
Definition auth_plugin.h:111
unsigned apw_index
Key to hash table.
Definition auth_plugin.h:107
auth_uplugin_t * apw_extended
Method-specific extension.
Definition auth_plugin.h:115
char const * apw_hash
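MD5 of the username, realm and pass. This is the Digest H(A1) form, which is password-equivalent within the realm, so it needs the same protection as apw_pass.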
Definition auth_plugin.h:113
char const * apw_ident
Identity information.
Definition auth_plugin.h:114
char const * apw_user
Username.
Definition auth_plugin.h:110
char const * apw_pass
Password.
Definition auth_plugin.h:112
Digest parameters for digest-response in Authorize.
Definition auth_digest.h:117
Authentication scheme.
Definition auth_plugin.h:66
void(* asch_destroy)(auth_mod_t *am)
Reclaim resources of an authentication module.
Definition auth_plugin.h:100
void(* asch_challenge)(auth_mod_t *am, auth_status_t *as, auth_challenger_t const *ch)
Create a challenge.
Definition auth_plugin.h:86
void(* asch_cancel)(auth_mod_t *am, auth_status_t *as)
Cancel an asynchronous authentication request.
Definition auth_plugin.h:93
char const * asch_method
Name.
Definition auth_plugin.h:68
int(* asch_init)(auth_mod_t *am, auth_scheme_t *base, su_root_t *root, tag_type_t tag, tag_value_t value,...)
Initialize module.
Definition auth_plugin.h:74
void(* asch_check)(auth_mod_t *am, auth_status_t *as, msg_auth_t *auth, auth_challenger_t const *ch)
Check authentication.
Definition auth_plugin.h:80
usize_t asch_size
Size of module object.
Definition auth_plugin.h:71
Authentication operation result.
Definition auth_module.h:97
SU_HOME_T su_home_t
#define SOFIAPUBFUN
intptr_t tag_value_t
struct tag_type_s const * tag_type_t
SU_U8_T uint8_t
struct su_root_t su_root_t

Sofia-SIP 1.12.11devel - Copyright (C) 2006 Nokia Corporation. All rights reserved. Licensed under the terms of the GNU Lesser General Public License.